The logic of the same-level authority taking effect

There are three authority carriers in the data decision-making system: department, role, and user.

There are various authority entities in the data decision-making system: personnel management, directory authority, management system, data connection, and timing scheduling.

For the same permission entity, the user permission priority is higher than that of other permission carriers.

• If there are user rights, the user rights shall prevail.

• If there is no user permission, the union of the department and role permissions takes effect.

• The user's department is in a tree structure. When the permissions of different levels of departments are different, the permissions of the smallest department will take effect.

1. Minimum sector

question:

User Wang Fang works in the "Recruitment Team" of the company's "Human Resources Department".

The department "Human Resources Department" has the "View" permission of the directory "Employee Salary Slip".

The department "recruitment group" does not have the "view" permission of the directory "employee salary slip".

Can Wang Fang check the catalog "employee salary slips"?

Answer:

Wang Fang's smallest department is "recruitment group", so Wang Fang's authority takes effect according to the authority of "recruitment group", and does not have the "view" authority of the directory "employee salary slip".

Note: The "Recruitment Team" here is a subordinate department of the "Human Resources Department". If Wang Fang belongs to two parallel departments at the same time, the principle of "combination of authority" will be followed.

2. User rights take precedence

question:

User Xiao Ming, his role is "core classmate".

The role "Core Classmates" has the "View" permission of the "R&D Data" directory.

User "Xiao Ming" does not have the "View" permission for the directory "R&D Data".

May I ask if Xiao Ming can check the catalog "R&D data"?

Answer:

The "User Permissions" are set separately, so the user permissions prevail, regardless of the role/department permissions, so Xiaoming does not have the "View" permission for the "R&D Data" directory.

3. Permission union

question:

User Zhang San, his department is the "operation group", and his role is "core classmates".

The department "operation group" has the "view" and "edit" permissions of the directory "annual meeting data".

The role "core classmates" only has the "view" permission of the directory "annual meeting information".

What authority does Zhang San have on the catalog "Annual Meeting Materials"?

Answer:

In the absence of user permissions, the union of department and role permissions takes effect. Therefore, Xiao Ming has the "view" and "edit" permissions of the directory "Annual Meeting Information".

Under the "User final authority" tab, if a yellow sign appears next to the authority entity, it means that the authority has been individually set for the user.

Even if all permissions are turned off, as long as there is a yellow sign, it means that "user permissions" have been set separately.

To clear "User Privileges", click "Restore Inherited Privileges" above.